The snapshots are acquired from the Virtual machine (VM) using VirtualBox. We created our VMs on the following configurations:
	• OS : Windows 8x64
	• HDD : 25 GB
	• CPU Cores:  1
	• RAM : 1 GB

The host system configuration running VM is:
	• RAM : 4 GB
	• OS : Windows 10x64
	• HDD : 500 GB

Snapshots are captured in .elf format. 

Executables used are as follows:

Snapshot No.	Executable    	   Description
------------    ---------------    ----------------
1-100 		Baseline 	   We used Notepad, Wordpad and Chrome as the Baseline 
101-200		WannaCry 	   Ransomware that propagates through WannaCry Worm.
201-300		Wireshark 	   Network packet analyser for troubleshooting
301-400		Cerber		   Ransomware that follows AES encryption.
401-500         Teslacrypt	   Ransomware  that  utilizes  RSA2048  for  encryption.
501-600		ProcMon		   Advanced Monitoring tool for windows.
601-700		HiddenTear	   Open source ransomware written in C#.
701-800		Vipasana	   Ransomware first observed in 2015.
801-900		Process Explorer   Freeware task manager and system monitor for windows.
901-1000	Defraggler 	   Defragmentation utility which is used to defragment individual or group of files on computer system.

All the snapshots are analysed using Volatility_2.6.exe and python 3.7

For further queries, please contact:
Asad Arfeen	   -- arfeen@neduet.edu.pk
Muhammad Asim Khan -- asimnccs@neduet.edu.pk
Usama Ahsan	   -- usamaahsan@neduet.edu.pk
Obad Zafar	   -- obadzafar@neduet.edu.pk